> I think there are also security considerations. Is PROJ proofed against > malicious grid files like our browsers are against malicious javascript? Good point. It seems that proj releases then need hashes of grids; perhaps they should be fetched by hash.